actions/cargo-install
actions/cargo-install
3
0
Fork 0
mirror of https://github.com/dtolnay/install.git synced 2025-01-31 07:01:20 +01:00
Code Issues Projects Activity Pipelines

Perform artifact attestation

Browse source
This commit is contained in:
David Tolnay 2025-01-26 12:48:26 -08:00
parent 6bb039a9a5
commit ef622f5ab6
No known key found for this signature in database
GPG key ID: F9BA143B95FF6D82
25 changed files with 53 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/bindgen.yml vendored
View file

@ -13,5 +13,7 @@ jobs:
crate: bindgen-cli
bin: bindgen
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/buckle.yml vendored
View file

@ -12,5 +12,7 @@ jobs:
with:
crate: buckle
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

5
.github/workflows/build.yml vendored
View file

@ -38,7 +38,9 @@ jobs:
name: ${{inputs.crate}}
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
attestations: write
timeout-minutes: 45
steps:
- uses: actions/checkout@v4
@ -63,6 +65,9 @@ jobs:
- run: gpg --output ${{inputs.bin || inputs.crate}}.sig --detach-sig ${{steps.which.outputs.which}}
- run: gpg --output signing-key.gpg --dearmor signing-key.asc
- run: gpg --no-default-keyring --keyring ./signing-key.gpg --verify ${{inputs.bin || inputs.crate}}.sig ${{steps.which.outputs.which}}
- uses: actions/attest-build-provenance@v2
with:
subject-path: ${{steps.which.outputs.which}}
- run: git tag -d ${{inputs.crate}} || true
- run: git tag ${{inputs.crate}}
- run: git push origin tag ${{inputs.crate}} --force

2
.github/workflows/cargo-afl.yml vendored
View file

@ -12,5 +12,7 @@ jobs:
with:
crate: cargo-afl
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/cargo-bloat.yml vendored
View file

@ -12,5 +12,7 @@ jobs:
with:
crate: cargo-bloat
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/cargo-docs-rs.yml vendored
View file

@ -12,5 +12,7 @@ jobs:
with:
crate: cargo-docs-rs
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/cargo-expand.yml vendored
View file

@ -12,5 +12,7 @@ jobs:
with:
crate: cargo-expand
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/cargo-fuzz.yml vendored
View file

@ -12,5 +12,7 @@ jobs:
with:
crate: cargo-fuzz
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/cargo-llvm-lines.yml vendored
View file

@ -12,5 +12,7 @@ jobs:
with:
crate: cargo-llvm-lines
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/cargo-outdated.yml vendored
View file

@ -12,5 +12,7 @@ jobs:
with:
crate: cargo-outdated
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/cargo-tally.yml vendored
View file

@ -12,5 +12,7 @@ jobs:
with:
crate: cargo-tally
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/cargo-unlock.yml vendored
View file

@ -12,5 +12,7 @@ jobs:
with:
crate: cargo-unlock
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/cargo-web.yml vendored
View file

@ -12,5 +12,7 @@ jobs:
with:
crate: cargo-web
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/cbindgen.yml vendored
View file

@ -12,5 +12,7 @@ jobs:
with:
crate: cbindgen
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/cxxbridge-cmd.yml vendored
View file

@ -13,5 +13,7 @@ jobs:
crate: cxxbridge-cmd
bin: cxxbridge
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/dircnt.yml vendored
View file

@ -12,5 +12,7 @@ jobs:
with:
crate: dircnt
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/dotslash.yml vendored
View file

@ -12,5 +12,7 @@ jobs:
with:
crate: dotslash
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/faketty.yml vendored
View file

@ -12,5 +12,7 @@ jobs:
with:
crate: faketty
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/honggfuzz.yml vendored
View file

@ -13,5 +13,7 @@ jobs:
crate: honggfuzz
bin: cargo-hfuzz
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/mdbook.yml vendored
View file

@ -12,5 +12,7 @@ jobs:
with:
crate: mdbook
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/reindeer.yml vendored
View file

@ -13,5 +13,7 @@ jobs:
crate: reindeer
git: facebookincubator/reindeer
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/rustup-toolchain-install-master.yml vendored
View file

@ -14,5 +14,7 @@ jobs:
git: dtolnay-contrib/rustup-toolchain-install-master
ref: nodefault
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/sha1dir.yml vendored
View file

@ -12,5 +12,7 @@ jobs:
with:
crate: sha1dir
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/star-history.yml vendored
View file

@ -12,5 +12,7 @@ jobs:
with:
crate: star-history
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit

2
.github/workflows/taplo-cli.yml vendored
View file

@ -14,5 +14,7 @@ jobs:
bin: taplo
locked: true
permissions:
id-token: write
contents: write
attestations: write
secrets: inherit